<?php
require_once "../lib/common.php";
$response = array();

if ( isset($_POST['update']) || isset($_POST['delete'])) {
    if (isset($_POST['description'])) {
        $_POST['description'] = htmlentities($_POST['description']);
    }
    if (isset($_POST['isbn'])) {
        $_POST['isbn'] = htmlentities($_POST['isbn']);
    }
    if (isset($_POST['title'])) {
        $_POST['title'] = htmlentities($_POST['title']);
    }
    $userLoggedIn = Login::getLoggedIn();
    if ($userLoggedIn == null) {
        error_die("access denied");
    }
    if ($userLoggedIn->admin != 1 && $userLoggedIn->employee != 1) {
        error_die("access denied");
    }

    if ( isset($_POST['update']) ) {
        if (isset($_POST['category'])) {
            if ($_POST['category'] != 0 ) {
                $cat = BookCategory::find( array(
                    'conditions' => array('id' => $_POST['category'])
                ));
                if (count($cat) != 1) {
                    error_die("invalid category");
                }
            }
            $_POST['category_id'] = $_POST['category'];
            unset($_POST['category']);
        }
        if ( isset($_POST['id']) && !empty($_POST['id']) ) {
            $book = Book::find($_POST['id']);
            $ret = $book->update_attributes_filter($_POST,$book->attributes());
            if ($ret == false) {
                $err_msgs = $book->errors->full_messages();
                error_die($err_msgs[0]);
            }
        } else {
            $book = new Book();
            $ret = $book->update_attributes_filter($_POST,$book->attributes());
            if ($ret == false) {
                $err_msgs = $book->errors->full_messages();
                error_die($err_msgs[0]);
            }
        }
    } elseif ( isset($_POST['delete']) ) {
        $book = Book::find($_POST['id']);
        if ($book->reviews != null) {
            foreach ($book->reviews as $review) {
                $review->delete();
            }
        }
        if ($book->carts != null) {
            foreach ($book->carts as $item) {
                $item->delete();
            }
        }
        $book->delete();
    }
} else {
    $empty_book = new Book();
    $response['attributes'] = array_keys($empty_book->attributes_but(array("category_id")));
    array_push($response['attributes'],"category");
    unset($empty_book);
    $books_collection = array();
    if (isset($_GET['cat'])) {
        $cond = array('conditions' => array('category_id'=>(int)$_GET['cat']));
        $books = Book::all($cond);
    } else if (isset($_GET['book'])) {
        try {
            $books = array(Book::find((int)$_GET['book']));
        } catch (ActiveRecord\RecordNotFound $e) {
            error_die("invalid book id");
        }
    } else {
        $books = Book::all();
    }
    foreach ($books as $book) {
        $attrs = $book->attributes_but(array("created_at","updated_at","category_id"));
        $attrs['created_at'] = $book->created_at->format('Y-m-d H:i');
        $attrs['updated_at'] = $book->updated_at->format('Y-m-d H:i');
        if ($book->category != null) {
            $attrs['category'] = $book->category->attributes();
        } else {
            $attrs['category'] = null;
        }
        if ($book->reviews != null) {
            $attrs['no_of_reviews'] = count($book->reviews);
        } else {
            $attrs['no_of_reviews'] = 0;
        }
        array_push($books_collection,$attrs);
    }
    $response['collection'] = $books_collection;
}
if (!empty($response)) {
    echo json_encode($response);
}
?>
